Nice Linear eMerge Command Injection Vulnerability

Released: Mar 26, 2024

Updated: Mar 27, 2024


Medium Severity

OT/ICS Type


Industrial access control system- Patch now

The vulnerability tracked as CVE-2019-7256 affecting an access control system called Linear eMerge E3-Series is affected by an OS command injection flaw that could allow an attacker to cause remote code execution and full access to the system. Learn More »

Common Vulnerabilities and Exposures

CVE-2019-7256

Background

The Nice Linear eMerge E3-Series is a popular access control system used in various commercial and industrial environments worldwide which emphasize the importance of the potential widespread impact of this vulnerability specially when the expoloit has been publicly available. CVE-2019-7256 received a severity score of 10/10, and can be exploited remotely with low complexity.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


March 05, 2024: CISA released an ICS advisory relating to multiple vulnerabilities affecting Nice Linear eMerge E3-Series including CVE-2019-7256 which is exploited in the wild.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01

March 25, 2024: CISA added CVE-2019-7256 to its known expoited catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog


March 26, 2024: FortiGuard Labs continue to see attack attempts targeting the CVE-2019-7256 and has an existing IPS signature to block any attack attempts, however, it is recommended to apply firmware patch as recommended by the vendor to mitigate any risks fully.

Since January of this year, the IPS signature designed to safeguard against CVE-2019-7256 has been intercepting attack attempts, blocking such incidents on around 1000 distinct IPS devices daily.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Lure

  • Decoy VM

  • IPS

  • IoT/IIoT Virtual Patch

  • Web App Security

DETECT
  • Outbreak Detection

  • Threat Hunting

  • Playbook

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • NOC/SOC Training

  • End-User Training

IDENTIFY
  • Attack Surface Hardening

  • Inventory Management

  • Business Reputation

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.


Loading ...

Indicators of compromise Indicators of compromise
IOC Threat Activity

Last 30 days

Chg

Avg 0